Update session data when updating the password with UpdateUser

443509ca · Valentin Rigal · Erwan Rouchet · 975b3f74 · 443509ca · 443509ca
Commit 443509ca authored 9 months ago by Valentin Rigal Committed by Erwan Rouchet 9 months ago
--- a/arkindex/users/serializers.py
+++ b/arkindex/users/serializers.py
 from django.conf import settings
+from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.password_validation import validate_password
 from django.contrib.auth.tokens import default_token_generator
 from django.core.exceptions import ValidationError
@@ -66,6 +67,7 @@ class UserSerializer(SimpleUserSerializer):
    def update(self, instance, validated_data):
        if "password" in validated_data:
            instance.set_password(validated_data.pop("password"))
+            update_session_auth_hash(self.context["request"], instance)
        return super().update(instance, validated_data)



--- a/arkindex/users/tests/test_registration.py
+++ b/arkindex/users/tests/test_registration.py
@@ -57,6 +57,12 @@ class TestRegistration(FixtureAPITestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.user.refresh_from_db()
        self.assertTrue(self.user.check_password("N€wP4$5w0Rd"))
+        # Ensure client session is still valid
+        response = self.client.get(
+            reverse("api:user-retrieve"),
+            format="json",
+        )
+        self.assertEqual(response.status_code, status.HTTP_200_OK)

    def test_update_display_name(self):
        self.client.force_login(self.user)